📄 ntddk.pas
字号:
//
// all DDDK drivers should include this unit
// this unit exports all currently supported kernel function, structures and constants
//
unit ntddk;
interface
const
NtKernel = 'ntoskrnl.exe';
NtHal = 'hal.dll';
STATUS_SUCCESS = $00000000;
STATUS_UNSUCCESSFUL = $C0000001;
STATUS_NOT_IMPLEMENTED = $C0000002;
STATUS_INVALID_INFO_CLASS = $C0000003;
STATUS_INFO_LENGTH_MISMATCH = $C0000004;
STATUS_ACCESS_VIOLATION = $C0000005;
STATUS_IN_PAGE_ERROR = $C0000006;
STATUS_PAGEFILE_QUOTA = $C0000007;
STATUS_INVALID_HANDLE = $C0000008;
STATUS_BAD_INITIAL_STACK = $C0000009;
STATUS_BAD_INITIAL_PC = $C000000A;
STATUS_INVALID_CID = $C000000B;
STATUS_TIMER_NOT_CANCELED = $C000000C;
STATUS_INVALID_PARAMETER = $C000000D;
STATUS_NO_SUCH_DEVICE = $C000000E;
STATUS_NO_SUCH_FILE = $C000000F;
STATUS_INVALID_DEVICE_REQUEST = $C0000010;
IRP_MJ_CREATE = $00;
IRP_MJ_CREATE_NAMED_PIPE = $01;
IRP_MJ_CLOSE = $02;
IRP_MJ_READ = $03;
IRP_MJ_WRITE = $04;
IRP_MJ_QUERY_INFORMATION = $05;
IRP_MJ_SET_INFORMATION = $06;
IRP_MJ_QUERY_EA = $07;
IRP_MJ_SET_EA = $08;
IRP_MJ_FLUSH_BUFFERS = $09;
IRP_MJ_QUERY_VOLUME_INFORMATION= $0A;
IRP_MJ_SET_VOLUME_INFORMATION = $0B;
IRP_MJ_DIRECTORY_CONTROL = $0C;
IRP_MJ_FILE_SYSTEM_CONTROL = $0D;
IRP_MJ_DEVICE_CONTROL = $0E;
IRP_MJ_INTERNAL_DEVICE_CONTROL = $0F;
IRP_MJ_SHUTDOWN = $10;
IRP_MJ_LOCK_CONTROL = $11;
IRP_MJ_CLEANUP = $12;
IRP_MJ_CREATE_MAILSLOT = $13;
IRP_MJ_QUERY_SECURITY = $14;
IRP_MJ_SET_SECURITY = $15;
IRP_MJ_POWER = $16;
IRP_MJ_SYSTEM_CONTROL = $17;
IRP_MJ_DEVICE_CHANGE = $18;
IRP_MJ_QUERY_QUOTA = $19;
IRP_MJ_SET_QUOTA = $1A;
IRP_MJ_PNP = $1B;
IRP_MJ_PNP_POWER = IRP_MJ_PNP;
IRP_MJ_MAXIMUM_FUNCTION = $1B;
DO_BUFFERED_IO = $00000004;
DO_EXCLUSIVE = $00000008;
DO_DIRECT_IO = $00000010;
DO_MAP_IO_BUFFER = $00000020;
DO_DEVICE_INITIALIZING = $00000080;
DO_SHUTDOWN_REGISTERED = $00000800;
DO_BUS_ENUMERATED_DEVICE = $00001000;
DO_POWER_PAGABLE = $00002000;
DO_POWER_INRUSH = $00004000;
FILE_DEVICE_BEEP = $00000001;
FILE_DEVICE_CD_ROM = $00000002;
FILE_DEVICE_CD_ROM_FILE_SYSTEM = $00000003;
FILE_DEVICE_CONTROLLER = $00000004;
FILE_DEVICE_DATALINK = $00000005;
FILE_DEVICE_DFS = $00000006;
FILE_DEVICE_DISK = $00000007;
FILE_DEVICE_DISK_FILE_SYSTEM = $00000008;
FILE_DEVICE_FILE_SYSTEM = $00000009;
FILE_DEVICE_INPORT_PORT = $0000000A;
FILE_DEVICE_KEYBOARD = $0000000B;
FILE_DEVICE_MAILSLOT = $0000000C;
FILE_DEVICE_MIDI_IN = $0000000D;
FILE_DEVICE_MIDI_OUT = $0000000E;
FILE_DEVICE_MOUSE = $0000000F;
FILE_DEVICE_MULTI_UNC_PROVIDER = $00000010;
FILE_DEVICE_NAMED_PIPE = $00000011;
FILE_DEVICE_NETWORK = $00000012;
FILE_DEVICE_NETWORK_BROWSER = $00000013;
FILE_DEVICE_NETWORK_FILE_SYSTEM= $00000014;
FILE_DEVICE_NULL = $00000015;
FILE_DEVICE_PARALLEL_PORT = $00000016;
FILE_DEVICE_PHYSICAL_NETCARD = $00000017;
FILE_DEVICE_PRINTER = $00000018;
FILE_DEVICE_SCANNER = $00000019;
FILE_DEVICE_SERIAL_MOUSE_PORT = $0000001A;
FILE_DEVICE_SERIAL_PORT = $0000001B;
FILE_DEVICE_SCREEN = $0000001C;
FILE_DEVICE_SOUND = $0000001D;
FILE_DEVICE_STREAMS = $0000001E;
FILE_DEVICE_TAPE = $0000001F;
FILE_DEVICE_TAPE_FILE_SYSTEM = $00000020;
FILE_DEVICE_TRANSPORT = $00000021;
FILE_DEVICE_UNKNOWN = $00000022;
FILE_DEVICE_VIDEO = $00000023;
FILE_DEVICE_VIRTUAL_DISK = $00000024;
FILE_DEVICE_WAVE_IN = $00000025;
FILE_DEVICE_WAVE_OUT = $00000026;
FILE_DEVICE_8042_PORT = $00000027;
FILE_DEVICE_NETWORK_REDIRECTOR = $00000028;
FILE_DEVICE_BATTERY = $00000029;
FILE_DEVICE_BUS_EXTENDER = $0000002A;
FILE_DEVICE_MODEM = $0000002B;
FILE_DEVICE_VDM = $0000002C;
FILE_DEVICE_MASS_STORAGE = $0000002D;
FILE_DEVICE_SMB = $0000002E;
FILE_DEVICE_KS = $0000002F;
FILE_DEVICE_CHANGER = $00000030;
FILE_DEVICE_SMARTCARD = $00000031;
FILE_DEVICE_ACPI = $00000032;
FILE_DEVICE_DVD = $00000033;
FILE_DEVICE_FULLSCREEN_VIDEO = $00000034;
FILE_DEVICE_DFS_FILE_SYSTEM = $00000035;
FILE_DEVICE_DFS_VOLUME = $00000036;
FILE_DEVICE_SERENUM = $00000037;
FILE_DEVICE_TERMSRV = $00000038;
FILE_DEVICE_KSEC = $00000039;
FILE_DEVICE_FIPS = $0000003A;
EVENT_INCREMENT = 1;
IO_NO_INCREMENT = 0;
IO_CD_ROM_INCREMENT = 1;
IO_DISK_INCREMENT = 1;
IO_KEYBOARD_INCREMENT = 6;
IO_MAILSLOT_INCREMENT = 2;
IO_MOUSE_INCREMENT = 6;
IO_NAMED_PIPE_INCREMENT = 2;
IO_NETWORK_INCREMENT = 2;
IO_PARALLEL_INCREMENT = 1;
IO_SERIAL_INCREMENT = 2;
IO_SOUND_INCREMENT = 8;
IO_VIDEO_INCREMENT = 1;
SEMAPHORE_INCREMENT = 1;
MAXIMUM_FILENAME_LENGTH = 256;
FILE_REMOVABLE_MEDIA = $00000001;
FILE_READ_ONLY_DEVICE = $00000002;
FILE_FLOPPY_DISKETTE = $00000004;
FILE_WRITE_ONCE_MEDIA = $00000008;
FILE_REMOTE_DEVICE = $00000010;
FILE_DEVICE_IS_MOUNTED = $00000020;
FILE_VIRTUAL_VOLUME = $00000040;
FILE_AUTOGENERATED_DEVICE_NAME = $00000080;
FILE_DEVICE_SECURE_OPEN = $00000100;
FILE_CHARACTERISTIC_PNP_DEVICE = $00000800;
FileBasicInformation = 4;
FileStandardInformation = 5;
FilePositionInformation = 14;
FileEndOfFileInformation = 20;
FileFsVolumeInformation = 1;
FileFsLabelInformation = 2;
FileFsSizeInformation = 3;
FileFsDeviceInformation = 4;
FileFsAttributeInformation = 5;
FileFsControlInformation = 6;
FileFsFullSizeInformation = 7;
FileFsObjectIdInformation = 8;
FileFsDriverPathInformation = 9;
FileFsMaximumInformation = 10;
BusRelations = 0;
EjectionRelations = 1;
PowerRelations = 2;
RemovalRelations = 3;
TargetDeviceRelation = 4;
SingleBusRelations = 5;
BusQueryDeviceID = 0; // <Enumerator>\<Enumerator-specific device id>
BusQueryHardwareIDs = 1; // Hardware ids
BusQueryCompatibleIDs = 2; // compatible device ids
BusQueryInstanceID = 3; // persistent id for this instance of the device
BusQueryDeviceSerialNumber = 4; // serial number for this device
DeviceTextDescription = 0; // DeviceDesc property
DeviceTextLocationInformation = 1; // DeviceLocation property
DeviceUsageTypeUndefined = 0;
DeviceUsageTypePaging = 1;
DeviceUsageTypeHibernation = 2;
DeviceUsageTypeDumpFile = 3;
PowerSystemUnspecified = 0;
PowerSystemWorking = 1;
PowerSystemSleeping1 = 2;
PowerSystemSleeping2 = 3;
PowerSystemSleeping3 = 4;
PowerSystemHibernate = 5;
PowerSystemShutdown = 6;
PowerSystemMaximum = 7;
PowerActionNone = 0;
PowerActionReserved = 1;
PowerActionSleep = 2;
PowerActionHibernate = 3;
PowerActionShutdown = 4;
PowerActionShutdownReset = 5;
PowerActionShutdownOff = 6;
PowerActionWarmEject = 7;
PowerDeviceUnspecified = 0;
PowerDeviceD0 = 1;
PowerDeviceD1 = 2;
PowerDeviceD2 = 3;
PowerDeviceD3 = 4;
PowerDeviceMaximum = 5;
SystemPowerState = 0;
DevicePowerState = 1;
Executive = 0;
FreePage = 1;
PageIn = 2;
PoolAllocation = 3;
DelayExecution = 4;
Suspended = 5;
UserRequest = 6;
WrExecutive = 7;
WrFreePage = 8;
WrPageIn = 9;
WrPoolAllocation = 10;
WrDelayExecution = 11;
WrSuspended = 12;
WrUserRequest = 13;
WrEventPair = 14;
WrQueue = 15;
WrLpcReceive = 16;
WrLpcReply = 17;
WrVirtualMemory = 18;
WrPageOut = 19;
WrRendezvous = 20;
Spare2 = 21;
Spare3 = 22;
Spare4 = 23;
Spare5 = 24;
Spare6 = 25;
WrKernel = 26;
MaximumWaitReason = 27;
KernelMode = 0;
UserMode = 1;
MaximumMode = 2;
NonPagedPool = 0;
PagedPool = 1;
NonPagedPoolMustSucceed = 2;
DontUseThisType = 3;
NonPagedPoolCacheAligned = 4;
PagedPoolCacheAligned = 5;
NonPagedPoolCacheAlignedMustS = 6;
MaxPoolType = 7;
// Windows Const
const
MAX_PATH = 260;
//
// types are very important,
// because we want to code drivers in Delphi we use we use Delphi style
// of types, but also we want to have some code compatibility so we implement
// also WinAPI (C) style of types
//
type
LONG = Integer;
PLONG = ^LONG;
ULONG = Cardinal;
USHORT = Word;
PVOID = Pointer;
PPVOID = ^PVOID;
DWORD = Cardinal;
PULONG = ^ULONG;
LONGLONG = Int64;
NTSTATUS = ULONG;
LCID = ULONG;
TDeviceType=ULONG;
DEVICE_TYPE=TDeviceType;
TKProcessorMode=Byte;
KPROCESSOR_MODE=TKProcessorMode;
TKIrql=Byte;
KIRQL=TKIRQL;
PEThread=Pointer;
PEProcess=Pointer;
PKThread=Pointer; //PKTHREAD
PHandle=^THandle;
TAccessMask=ULONG;
type
FILE_INFORMATION_CLASS = BYTE;
PAnsiString = ^TAnsiString;
TAnsiString = packed record
Length: Word;
MaximumLength: Word;
Buffer: PChar;
end;
PUnicodeString = ^TUnicodeString;
TUnicodeString = packed record
Length: Word;
MaximumLength: Word;
Buffer: PWideChar;
end;
UNICODE_STRING = TUnicodeString;
PUNICODE_STRING = ^UNICODE_STRING;
PLargeInteger=^TLargeInteger;
TLargeInteger=packed record
LowPart:Cardinal;
HighPart:Integer;
end;
PObjectAttributes=^TObjectAttributes;
TObjectAttributes = packed record
Length: Cardinal;
RootDirectory: THandle;
ObjectName: PUnicodeString;
Attributes: Cardinal;
SecurityDescriptor: Pointer;
SecurityQualityOfService: Pointer;
end;
OBJECT_ATTRIBUTES = TObjectAttributes;
POBJECT_ATTRIBUTES=^OBJECT_ATTRIBUTES;
PClientId=^TClientId;
TClientId=packed record
UniqueProcess:Cardinal;
UniqueThread:Cardinal;
end;
CLIENT_ID=TClientId;
PCLIENT_ID=^CLIENT_ID;
PDriverObject=^TDriverObject;
PDeviceObject=^TDeviceObject;
PIrp=^TIrp;
PListEntry=^TListEntry;
TListEntry=packed record
Flink:PListEntry;
BLink:PListEntry;
end;
LIST_ENTRY=TListEntry;
PLIST_ENTRY=^LIST_ENTRY;
PRLIST_ENTRY=PLIST_ENTRY;
PKDeviceQueueEntry=^TKDeviceQueueEntry;
TKDeviceQueueEntry=packed record
DeviceListEntry:TListEntry;
SortKey:Cardinal;
Inserted:LongBool;
end;
KDEVICE_QUEUE_ENTRY=TKDeviceQueueEntry;
PKDEVICE_QUEUE_ENTRY=^KDEVICE_QUEUE_ENTRY;
PRKDEVICE_QUEUE_ENTRY=PKDEVICE_QUEUE_ENTRY;
PWaitContextBlock=^TWaitContextBlock;
TWaitContextBlock=packed record
WaitQueueEntry:TKDeviceQueueEntry;
DeviceRoutine:Pointer; //PDRIVER_CONTROL
DeviceContext:Pointer;
NumberOfMapRegisters:Cardinal;
DeviceObject:Pointer;
CurrentIrp:Pointer;
BufferChainingDpc:Pointer; //PKDPC
end;
WAIT_CONTEXT_BLOCK=TWaitContextBlock;
PWAIT_CONTEXT_BLOCK=^WAIT_CONTEXT_BLOCK;
TKSpinLock=Pointer; //ULONG_PTR
PKSpinLock=^TKSpinLock;
KSPIN_LOCK=TKSpinLock;
PKSPIN_LOCK=^KSPIN_LOCK;
TDeviceObjectUnionQueue=packed record
case Byte of
0:(ListEntry:TListEntry);
1:(Wcb:TWaitContextBlock);
end;
PDevObjExtension=^TDevObjExtension;
TDevObjExtension=packed record
wType:Word;
Size:Word;
DeviceObject:PDeviceObject;
end;
DEVOBJ_EXTENSION=TDevObjExtension;
PDEVOBJ_EXTENSION=^DEVOBJ_EXTENSION;
PKDeviceQueue=^TKDeviceQueue;
TKDeviceQueue=packed record
wType:Word;
Size:Word;
DeviceListHead:TListEntry;
Lock:TKSpinLock;
Busy:LongBool;
end;
KDEVICE_QUEUE=TKDeviceQueue;
PKDEVICE_QUEUE=^KDEVICE_QUEUE;
PKApc=^TKApc;
TKApc=packed record
wType:Word;
Size:Word;
Spare0:Cardinal;
Thread:PKThread;
ApcListEntry:TListEntry;
KernelRoutine:Pointer; //PKKERNEL_ROUTINE
RundownRoutine:Pointer; //PKRUNDOWN_ROUTINE
NormalRoutine:Pointer; //PKNORMAL_ROUTINE
NormalContext:Pointer;
SystemArgument1:Pointer;
SystemArgument2:Pointer;
ApcStateIndex:Byte;
ApcMode:TKProcessorMode;
Inserted:WordBool;
end;
KAPC=TKApc;
PRKAPC=PKApc;
PKDpc=^TKDpc;
TKDpc=packed record
wType:Word;
Number:Byte;
Importance:Byte;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -